{"id":53227,"date":"2025-06-18T00:27:12","date_gmt":"2025-06-18T00:27:12","guid":{"rendered":""},"modified":"2025-10-03T07:08:48","modified_gmt":"2025-10-03T13:08:48","slug":"cve-2025-4973-authentication-bypass-vulnerability-in-workreap-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-4973-authentication-bypass-vulnerability-in-workreap-wordpress-plugin\/","title":{"rendered":"CVE-2025-4973: Authentication Bypass Vulnerability in Workreap WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the digital world, the security of online platforms becomes a growing concern as the rate of cyber-attacks continues to rise. WordPress, being one of the world’s most popular content management systems, is often a prime target for hackers. One such vulnerability, CVE-2025-4973, poses a significant risk to the Workreap plugin<\/a> for WordPress. This plugin, used by the Workreap – Freelance Marketplace WordPress Theme, has a flaw allowing for authentication bypass, which could lead to system compromise<\/a> or data leakage.
\nThis vulnerability matters because it allows<\/a> unauthenticated attackers to log in as registered users, including administrators, if they know the user’s email address. Given that this plugin is widely used in freelance marketplaces, it can potentially put a considerable number of websites and their users at risk.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-4973
\nSeverity: Critical (9.8)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System compromise; potential data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n